> A particular thing I don’t like about git forge websites is the way they make you create an account.
Exactly. I used to have a GitHub account but as soon as it got bought out by Microsoft, I was gone.
I still refuse to create an account, even though there have been bugs I wanted to report or patches I wanted to contribute. Maybe some maintainers still have email addresses on their profile, many don't. Even if they do, I just don't get the motivation to email them.
People like to complain about email a lot, but I enjoy different mailing lists for open source software. You could have discussions with other users of that software or keep track of development by following the "-devel" list. All you needed is something you already had—email. Sadly, they're becoming less popular. Even python moved to discourse which—dun dun dun—requires an account. grumble grumble
I like SourceHut for many reasons—it's the fastest forge I've used, it's FOSS, doesn't try to copy the GitHub UI like every other Git forge these days. But by far the reason I love it is _because_ it doesn't require me creating an account to contribute. I think of it as gitweb, but nicer.
Security/privacy yeah. I don't do business with Twitter/Facebook for the same reason. In the case of GitHub, if I want to contribute something, I am going to do it volitionally, knowing they will do whatever they want with it.
Creating an account just locks you in, when the alternative exists or existed before. SourceHut proves this is possible. Why not allow non-accounts to contribute?
OK, that's a really solid reason. Thank you! For me, it suggests that someone like you might not mind creating an account on a system I run (because I allow anonymous account creation without anything at all although providing an email is encouraged).
Bad comparison. People who are critical of others' complaints about creating and/or logging in to a GitHub account like this aren't going through the trouble of creating a GitHub account in 2025 (as opposed to, say, 2015) and are clearly logging in once and staying logged in.
I encourage you to try an experiment where you pick three or four (or more) times a day to log out of your HN account and only log back in the next time you need to perform some action that requires an account/authorization. Now do the same with GitHub and compare the experience. They've made merely logging in such a massive pain in the ass that somehow goes beyond the anticipated pain around "here's a forced 2FA workflow you didn't ask for but have to run through, anyway". All so you can be generous with your time to someone else's benefit and e.g. leave a signpost comment with answers to a shared problem in some neglected bugtracker, but it's real a kicker when this is interrupting a semi-flow state.
> Now do the same with GitHub and compare the experience. They've made merely logging in such a massive pain in the ass that somehow goes beyond the anticipated pain around "here's a forced 2FA workflow you didn't ask for but have to run through, anyway".
I don't agree, in my opinion it's easier than logging into HN because Github has passwordless auth with passkeys.
I don't even have to enter a username, I just click "Sign in with a passkey" and use my passkey and then I'm logged in, no "forced 2FA workflow"
Those passkeys that you and GitHub are talking about require a separate authenticator to use.
> no "forced 2FA workflow"
What does "2FA" stand for?
> it's easier than logging into HN
You have your thumb on the scale (which seems to happen every time someone criticizes GitHub). You have already indicated a willingness/desire to use an authenticator. At that point, there is literally nothing stopping the authenticator from providing the exact same user experience, where instead of releasing your "passkey", it provides your password to HN's login form. And oh wait that's exactly how scores of password managers work, including the ones that are built in to every mainstream browser. (If you're somehow using one that for whatever reason doesn't do that, then it's self-inflicted, which is exactly opposite to the case of the forced 2FA flow that GitHub imposes.)
This is without even mentioning that you have to set all this up.
> It's not, though. The passkey itself is strictly a single factor.
The passkey alone is not sufficient to log in. You must also provide a successful response to the WebAuthn challenge from an authenticator that has been registered/configured with that passkey.
> That's kinda the point, to reduce user toil.
It's almost as if letting people elect to enter their secure, never-written-down-anywhere-else passphrase would accomplish that.
Great. Now go ahead and try to argue the indefensible position that relying on an authenticator to supply a passkey is somehow not a form of two-factor auth.
> I'm not using anything other than my browser.
... as your authenticator. The fact that you're using your browser and its built-in support for this as your authenticator but are using the term "browser" when you're talking about it instead of the word "authenticator" (GitHub's term—here's their documentation about authenticators, which I'm sure you could have Googled: <https://docs.github.com/en/authentication/authenticating-wit...>) doesn't change its role.
> (which doesn't take longer than 15-20s)
Aside from the fact that the ~5 seconds that it takes to create an HN account is not even the same as the 15–20 second estimate that you're offering here, there's the minor problem that that estimate is bogus.
You are simply not being honest in your reckoning of the respective costs. Here's GitHub's own documentation for the process of adding a passkey to your account:
> as I stated it's my opinion, having a different opinion doesn't make me dishonest
Stating your opinion doesn't make you dishonest, but arguing about things that are matters of fact and not opinions—measurable, quantitative things—and doing it with bad quantities chosen in a dishonest way is, in fact, dishonest.
Here's the Wikipedia article about intellectual dishonesty:
It's a good point, I suppose, but it doesn't have to be so black-and-white. There are certain exceptions to this no-account rule of course, like for your bank.
Now, would HN be better without an account? I believe it would, why not? I like lurking (and sometimes commenting) on HN though so I feel like creating an account is valid. Also, HN works fine without JS and has no trackers, which does tend to get me to create an account.
Exactly. I used to have a GitHub account but as soon as it got bought out by Microsoft, I was gone.
I still refuse to create an account, even though there have been bugs I wanted to report or patches I wanted to contribute. Maybe some maintainers still have email addresses on their profile, many don't. Even if they do, I just don't get the motivation to email them.
People like to complain about email a lot, but I enjoy different mailing lists for open source software. You could have discussions with other users of that software or keep track of development by following the "-devel" list. All you needed is something you already had—email. Sadly, they're becoming less popular. Even python moved to discourse which—dun dun dun—requires an account. grumble grumble
I like SourceHut for many reasons—it's the fastest forge I've used, it's FOSS, doesn't try to copy the GitHub UI like every other Git forge these days. But by far the reason I love it is _because_ it doesn't require me creating an account to contribute. I think of it as gitweb, but nicer.